Bug 1220858 - [Build 5.30] mozilla-nss-certs is missing in basesystem
Summary: [Build 5.30] mozilla-nss-certs is missing in basesystem
Status: RESOLVED FIXED
: 1221121 (view as bug list)
Alias: None
Product: PUBLIC SUSE Linux Enterprise Server 15 SP6
Classification: openSUSE
Component: Media Content (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Assignee: Eugenio Paolantonio
QA Contact: Marcus Meissner
URL: https://openqa.suse.de/tests/13680074...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-04 11:17 UTC by Martin Loviska
Modified: 2024-03-20 13:34 UTC (History)
4 users (show)

See Also:
Found By: openQA
Services Priority:
Business Priority:
Blocker: Yes
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Loviska 2024-03-04 11:17:40 UTC 
## Observation

openQA test in scenario sle-15-SP6-JeOS-for-kvm-and-xen-x86_64-jeos-base+sdk+desktop@uefi-virtio-vga fails in
[orphaned_packages_check](https://openqa.suse.de/tests/13680074/modules/orphaned_packages_check/steps/15)

## Test suite description

Package mozilla-nss-certs has been marked as orphan by openQA test

Information for package mozilla-nss-certs:
------------------------------------------
Repository     : @System
Name           : mozilla-nss-certs
Version        : 3.90.1-150400.3.35.2
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Support Level  : unknown
Installed Size : 557.0 KiB
Installed      : Yes (automatically)
Status         : up-to-date
Source package : mozilla-nss-3.90.1-150400.3.35.2.src
Upstream URL   : https://www.mozilla.org/projects/security/pki/nss/
Summary        : CA certificates for NSS
Description    :
    This package contains the integrated CA root certificates from the
    Mozilla project.


## Reproducible

Fails since (at least) Build [5.8](https://openqa.suse.de/tests/13583764)


## Expected result

Last good: [4.88](https://openqa.suse.de/tests/13549238) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=JeOS-for-kvm-and-xen&machine=uefi-virtio-vga&test=jeos-base%2Bsdk%2Bdesktop&version=15-SP6)
Comment 1 Eugenio Paolantonio 2024-03-05 15:53:31 UTC 
Hi, thanks for the bug report.

Setting as confirmed as it is unsorted in 000product. It's not an explicit dependency in the groups, so will investigate what doesn't make it pull in the first place.
Comment 2 Eugenio Paolantonio 2024-03-05 17:35:20 UTC 
Both mozilla-nss-certs and p11-kit-nss-trust provide the same library, libnssckbi.so.

That library is required by ecryptfs-tools. Indeed, looking at the currently generated package-lists the dependency is satisfied as p11-kit-nss-trust has been included.

I haven't determined right now why recent rebuilds switched to p11-kit-nss-trust.

I will add mozilla-nss-certs as an explicit dependency in the groups file so that it will be shipped no matter what.

Thanks!
Comment 3 Radoslav Tzvetkov 2024-03-11 10:58:28 UTC 
*** Bug 1221121 has been marked as a duplicate of this bug. ***
Comment 5 Eugenio Paolantonio 2024-03-20 13:34:54 UTC 
Fixed in SP6 67.1.